CVE-2020-11723

Опубликовано: 14 апр. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction.

Ссылки

http://packetstormsecurity.com/files/157217/Cellebrite-UFED-7.29-Hardcoded-ADB-Authentication-Keys.html
Third Party Advisory
VDB Entry
https://www.cellebrite.com/en/productupdates/ufed-and-ufed-infield-7-30-provides-new-support-for-smartphones-with-huawei-kirin-processor/
Exploit
Vendor Advisory
http://packetstormsecurity.com/files/157217/Cellebrite-UFED-7.29-Hardcoded-ADB-Authentication-Keys.html
Third Party Advisory
VDB Entry
https://www.cellebrite.com/en/productupdates/ufed-and-ufed-infield-7-30-provides-new-support-for-smartphones-with-huawei-kirin-processor/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cellebrite:ufed_firmware:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 7.29 (включая)

cpe:2.3:h:cellebrite:ufed:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00111

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-2p37-pq7q-44mr

github

больше 3 лет назад